
<!DOCTYPE HTML>
<html lang="" >
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>Nginx · GitBook</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        
        
        
    
    <link rel="stylesheet" href="../gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-chapter-fold/chapter-fold.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-search-pro/search.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-insert-logo/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-pageview-count/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">

    
    <link rel="next" href="Apache.html" />
    
    
    <link rel="prev" href="IIS7.html" />
    

    </head>
    <body>
        
<div class="book">
    <div class="book-summary">
        
            
<div id="book-search-input" role="search">
    <input type="text" placeholder="Type to search" />
</div>

            
                <nav role="navigation">
                


<ul class="summary">
    
    

    

    
        
        
    
        <li class="chapter " data-level="1.1" data-path="../">
            
                <a href="../">
            
                    
                    Introduction
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2" data-path="../base.html">
            
                <a href="../base.html">
            
                    
                    数字证书基础知识
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.2.1" data-path="../base/domain.html">
            
                <a href="../base/domain.html">
            
                    
                    域名相关技术介绍
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.2" data-path="../base/ip.html">
            
                <a href="../base/ip.html">
            
                    
                    IP地址相关技术介绍
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.3" data-path="../base/server.html">
            
                <a href="../base/server.html">
            
                    
                    服务器相关技术介绍
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.4" data-path="../base/https.html">
            
                <a href="../base/https.html">
            
                    
                    HTTPS原理
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.5" data-path="../base/pki.html">
            
                <a href="../base/pki.html">
            
                    
                    PKI体系
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    
        <li class="chapter " data-level="1.3" data-path="../install.html">
            
                <a href="../install.html">
            
                    
                    数字证书安装教程
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.3.1" data-path="IIS6.html">
            
                <a href="IIS6.html">
            
                    
                    IIS6
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.2" data-path="IIS7.html">
            
                <a href="IIS7.html">
            
                    
                    IIS7
            
                </a>
            

            
        </li>
    
        <li class="chapter active" data-level="1.3.3" data-path="Nginx.html">
            
                <a href="Nginx.html">
            
                    
                    Nginx
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.4" data-path="Apache.html">
            
                <a href="Apache.html">
            
                    
                    Apache
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.5" data-path="TomCat.html">
            
                <a href="TomCat.html">
            
                    
                    TomCat
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.6" data-path="bt.html">
            
                <a href="bt.html">
            
                    
                    宝塔面板
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.7" data-path="Cpanl.html">
            
                <a href="Cpanl.html">
            
                    
                    Cpanl面板
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.8" data-path="other.html">
            
                <a href="other.html">
            
                    
                    其他
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    
        <li class="chapter " data-level="1.4" data-path="../ecmp.html">
            
                <a href="../ecmp.html">
            
                    
                    ECManager使用
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.4.1" data-path="../ecmp/registration.html">
            
                <a href="../ecmp/registration.html">
            
                    
                    用户注册
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.2" data-path="../ecmp/Improve.html">
            
                <a href="../ecmp/Improve.html">
            
                    
                    完善用户资料
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.3" data-path="../ecmp/protection.html">
            
                <a href="../ecmp/protection.html">
            
                    
                    开启登陆保护
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.4" data-path="../ecmp/Recharge.html">
            
                <a href="../ecmp/Recharge.html">
            
                    
                    账户充值
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.5" data-path="../ecmp/csr.html">
            
                <a href="../ecmp/csr.html">
            
                    
                    生成CSR
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.6" data-path="../ecmp/cname.html">
            
                <a href="../ecmp/cname.html">
            
                    
                    DNS验证域名所属权
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.7" data-path="../ecmp/file.html">
            
                <a href="../ecmp/file.html">
            
                    
                    文件验证域名所属权
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.8" data-path="../ecmp/mail.html">
            
                <a href="../ecmp/mail.html">
            
                    
                    邮件验证域名所属权
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.9" data-path="../ecmp/single.html">
            
                <a href="../ecmp/single.html">
            
                    
                    签发DV单域名数字证书
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.10" data-path="../ecmp/muitl.html">
            
                <a href="../ecmp/muitl.html">
            
                    
                    签发DV多域名数字证书
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.11" data-path="../ecmp/Wildcard.html">
            
                <a href="../ecmp/Wildcard.html">
            
                    
                    签发DV泛域名数字证书
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.12" data-path="../ecmp/company.html">
            
                <a href="../ecmp/company.html">
            
                    
                    签发企业OV/EV多域名数字证书
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.13" data-path="../ecmp/replace.html">
            
                <a href="../ecmp/replace.html">
            
                    
                    单域名/泛域名证书更换域名
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.14" data-path="../ecmp/modify.html">
            
                <a href="../ecmp/modify.html">
            
                    
                    多域名证书增加/删除/修改域名
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.15" data-path="../ecmp/revoke.html">
            
                <a href="../ecmp/revoke.html">
            
                    
                    证书吊销
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.16" data-path="../ecmp/Refund.html">
            
                <a href="../ecmp/Refund.html">
            
                    
                    数字证书退款
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.17" data-path="../ecmp/caa.html">
            
                <a href="../ecmp/caa.html">
            
                    
                    更改DNS CAA记录
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    
        <li class="chapter " data-level="1.5" data-path="../q.html">
            
                <a href="../q.html">
            
                    
                    常见问题
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.5.1" data-path="../q/tls1_2.html">
            
                <a href="../q/tls1_2.html">
            
                    
                    Windows Server 2008 R2 IIS 7.5开启TLS 1.2
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.5.2" data-path="../q/iis7_qianyi.html">
            
                <a href="../q/iis7_qianyi.html">
            
                    
                    IIS7站点批量迁移到另一台IIS7服务器
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    

    

    <li class="divider"></li>

    <li>
        <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
            Published with GitBook
        </a>
    </li>
</ul>


                </nav>
            
        
    </div>

    <div class="book-body">
        
            <div class="body-inner">
                
                    

<div class="book-header" role="navigation">
    

    <!-- Title -->
    <h1>
        <i class="fa fa-circle-o-notch fa-spin"></i>
        <a href=".." >Nginx</a>
    </h1>
</div>




                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <h1 id="nginx&#x914D;&#x7F6E;-ssl&#x8BC1;&#x4E66;">Nginx&#x914D;&#x7F6E; SSL&#x8BC1;&#x4E66;</h1>
<h2 id="&#x914D;&#x7F6E;ssl&#x8BC1;&#x4E66;">&#x914D;&#x7F6E;SSL&#x8BC1;&#x4E66;</h2>
<h4 id="&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x5F00;&#x59CB;&#x914D;&#x7F6E;&#x4E4B;&#x524D;&#x60A8;&#x9700;&#x8981;&#x627E;&#x5230;&#x4F4D;&#x4E8E;&#x5BA2;&#x6237;&#x673A;&#x4E0A;&#x7684;Nginx&#x7684;etc/nginx/conf&#x6587;&#x4EF6;&#x5939;&#x3002;
&#xFF08;linux&#x7CFB;&#x7EDF;&#x7531;&#x4E8E;&#x4E2A;&#x4EBA;&#x7684;&#x559C;&#x597D;&#x5B89;&#x88C5;&#x76EE;&#x5F55;&#x4E0D;&#x540C;&#xFF0C;&#x82E5;&#x65E0;&#x6CD5;&#x627E;&#x5230;&#xFF0C;&#x8BF7;&#x8F93;&#x5165;whereis nginx&#x547D;&#x4EE4;&#xFF0C;&#x67E5;&#x770B;nginx&#x8DEF;&#x5F84;&#xFF09;</p>
<h4 id="&#x4E8C;&#x3001;&#x4E0A;&#x4F20;&#x8BC1;&#x4E66;&#x6587;&#x4EF6;&#x548C;key&#x6587;&#x4EF6;">&#x4E8C;&#x3001;&#x4E0A;&#x4F20;&#x8BC1;&#x4E66;&#x6587;&#x4EF6;&#x548C;Key&#x6587;&#x4EF6;</h4>
<p>&#x8FD9;&#x91CC;&#x6211;&#x4EEC;&#x5047;&#x8BBE;&#x60A8;&#x7684;Nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x5730;&#x5740;&#x662F;/usr/local/nginx/conf/vhost/v2ssl_comdomain.conf</p>
<p>&#x8BF7;&#x5C06;&#x60A8;&#x7684;&#x8BC1;&#x4E66;&#x6587;&#x4EF6;&#x548C;Key&#x6587;&#x4EF6;&#x4E0A;&#x4F20;&#x81F3;/usr/local/nginx/conf/ssl&#xFF0C;&#x5982;&#x679C;ssl&#x6587;&#x4EF6;&#x5939;&#x4E0D;&#x5B58;&#x5728;&#x8BF7;&#x60A8;&#x81EA;&#x884C;&#x521B;&#x5EFA;&#x3002;</p>
<h4 id="&#x4E09;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E09;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;Nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x9ED8;&#x8BA4;&#x60C5;&#x51B5;&#x4E0B;&#xFF0C;HTTP&#x662F;&#x53EF;&#x4EE5;&#x8BBF;&#x95EE;&#x7684;&#xFF0C;&#x73B0;&#x5728;&#x8BF7;&#x60A8;&#x6253;&#x5F00;&#x60A8;&#x7684;&#x7AD9;&#x70B9;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x5E76;&#x52A0;&#x5165;&#x4E0B;&#x5217;&#x51E0;&#x884C;&#x4EE3;&#x7801;&#x81F3;listen:80&#x4E4B;&#x540E;</p>
<pre><code>listen 443 ssl;    
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/trustocean_com_doamin.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/trustocean_com_doamin.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-R SA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES: !MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
</code></pre><p>&#x52A0;&#x5165;&#x4EE5;&#x4E0A;&#x5185;&#x5BB9;&#x540E;&#xFF0C;&#x60A8;&#x7684;&#x7AD9;&#x70B9;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x7C7B;&#x4F3C;&#x4E8E;</p>
<pre><code>server
{
listen 80;
listen 443 ssl;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/trustocean_com_doamin.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/trustocean_com_doamin.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-S HA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-R SA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES: !MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
server_name www.x2ssl.com v2ssl.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/vhost/trustocean.com.root/;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires     30d;
}
location ~ .*\.(js|css)?$
{
expires     12h;
}
location ~ /\.
{
deny all;
}
location ~ .*\.(tpl|inc|cfg)
{
deny all;
}
access_log off;
}
</code></pre><p>&#x4FDD;&#x5B58;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x3002;</p>
<p>&#x4F7F;&#x7528;&#x96C6;&#x6210;&#x73AF;&#x5883;&#x7684;&#x63A7;&#x5236;&#x9762;&#x677F;&#x6216;&#x547D;&#x4EE4;&#x884C;<code>&#x91CD;&#x542F;Nginx</code>&#xFF0C;&#x914D;&#x7F6E;&#x5B8C;&#x6210;&#x3002;</p>
<h2 id="&#x5F3A;&#x5236;https">&#x5F3A;&#x5236;HTTPS</h2>
<h4 id="&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x5F00;&#x59CB;&#x914D;&#x7F6E;&#x4E4B;&#x524D;&#x60A8;&#x9700;&#x8981;&#x627E;&#x5230;&#x4F4D;&#x4E8E;&#x5BA2;&#x6237;&#x673A;&#x7684;Nginx&#x7684;etc/nginx/conf&#x6587;&#x4EF6;&#x5939;&#x3002;
&#xFF08;linux&#x7CFB;&#x7EDF;&#x7531;&#x4E8E;&#x4E2A;&#x4EBA;&#x7684;&#x559C;&#x597D;&#x5B89;&#x88C5;&#x76EE;&#x5F55;&#x4E0D;&#x540C;&#xFF0C;&#x82E5;&#x65E0;&#x6CD5;&#x627E;&#x5230;&#xFF0C;&#x8BF7;&#x8F93;&#x5165;whereis nginx&#x547D;&#x4EE4;&#xFF0C;&#x67E5;&#x770B;nginx&#x8DEF;&#x5F84;&#xFF09;</p>
<h4 id="&#x4E8C;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E8C;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;Nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x9ED8;&#x8BA4;&#x60C5;&#x51B5;&#x4E0B;&#xFF0C;HTTP&#x662F;&#x53EF;&#x4EE5;&#x8BBF;&#x95EE;&#x7684;&#xFF0C;&#x73B0;&#x5728;&#x8BF7;&#x60A8;&#x6253;&#x5F00;&#x60A8;&#x7684;&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x3002;</p>
<pre><code>rewrite ^(.*)$ https://$host$1 permanent;
</code></pre><p>&#x5C06;&#x8DF3;&#x8F6C;&#x4EE3;&#x7801;&#x52A0;&#x81F3;listen 80 &#x540E;</p>
<pre><code>server
{
listen 80;
server_name www.x2ssl.com v2ssl.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server
{
listen 443 ssl;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/v2ssl_com_doamin.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/v2ssl_com_doamin.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # TLS
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-S HA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-R SA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES: !MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
server_name www.v2ssl.com v2ssl.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/vhost/v2ssl.com.root/;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires     30d;
}
location ~ .*\.(js|css)?$
{
expires     12h;
}
location ~ /\.
{
deny all;
}
location ~ .*\.(tpl|inc|cfg)
{
deny all;
}
access_log off;
}
</code></pre><p>&#x4FDD;&#x5B58;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x3002;
&#x4F7F;&#x7528;&#x96C6;&#x6210;&#x73AF;&#x5883;&#x7684;&#x63A7;&#x5236;&#x9762;&#x677F;&#x6216;&#x547D;&#x4EE4;&#x884C;<code>&#x91CD;&#x542F;Nginx</code>&#xFF0C;&#x914D;&#x7F6E;&#x5B8C;&#x6210;&#x3002;</p>
<h2 id="&#x914D;&#x7F6E;-hsts&#x5B89;&#x5168;&#x7B56;&#x7565;">&#x914D;&#x7F6E; HSTS&#x5B89;&#x5168;&#x7B56;&#x7565;</h2>
<h4 id="&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E00;&#x3001;&#x67E5;&#x627E;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x5F00;&#x59CB;&#x914D;&#x7F6E;&#x4E4B;&#x524D;&#x60A8;&#x9700;&#x8981;&#x627E;&#x5230;&#x4F4D;&#x4E8E;&#x5BA2;&#x6237;&#x673A;&#x7684;Nginx&#x7684;etc/nginx/conf&#x6587;&#x4EF6;&#x5939;&#x3002;
&#xFF08;linux&#x7CFB;&#x7EDF;&#x7531;&#x4E8E;&#x4E2A;&#x4EBA;&#x7684;&#x559C;&#x597D;&#x5B89;&#x88C5;&#x76EE;&#x5F55;&#x4E0D;&#x540C;&#xFF0C;&#x82E5;&#x65E0;&#x6CD5;&#x627E;&#x5230;&#xFF0C;&#x8BF7;&#x8F93;&#x5165;whereis nginx&#x547D;&#x4EE4;&#xFF0C;&#x67E5;&#x770B;nginx&#x8DEF;&#x5F84;&#xFF09;</p>
<h4 id="&#x4E8C;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;">&#x4E8C;&#x3001;&#x7F16;&#x8F91;&#x60A8;&#x7684;Nginx&#x57DF;&#x540D;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</h4>
<p>&#x914D;&#x7F6E;&#x524D;&#xFF0C;&#x8981;&#x786E;&#x5B9A;&#x60A8;&#x5DF2;&#x7ECF;&#x5F00;&#x542F;https&#x5F3A;&#x5236;&#x8DF3;&#x8F6C;&#x529F;&#x80FD;&#xFF0C;&#x82E5;&#x672A;&#x5F00;&#x542F;&#xFF0C;&#x8BF7;&#x67E5;&#x770B;Nginx&#x5F3A;&#x5236;&#x8DF3;&#x8F6C;HTTPS&#x5411;&#x5BFC;</p>
<pre><code>add_header Strict-Transport-Security &quot;max-age=63072000; includeSubdomains; preload&quot;;
</code></pre><p>&#x5C06;&#x8DF3;&#x8F6C;&#x4EE3;&#x7801;&#x52A0;&#x81F3; &#x7F51;&#x7AD9;&#x76EE;&#x5F55; &#x540E;</p>
<pre><code>server
{
listen 80;
server_name www.x2ssl.com v2ssl.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server
{
listen 443 ssl;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/v2ssl_com_doamin.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/v2ssl_com_doamin.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-S HA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-R SA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES: !MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
server_name www.x2ssl.com v2ssl.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/vhost/v2ssl.com.root/;
add_header Strict-Transport-Security &quot;max-age=63072000; includeSubdomains; preload&quot;;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires     30d;
}
location ~ .*\.(js|css)?$
{
expires     12h;
}
location ~ /\.
{
deny all;
}
location ~ .*\.(tpl|inc|cfg)
{
deny all;
}
access_log off;
}
</code></pre><p>&#x4FDD;&#x5B58;&#x914D;&#x7F6E;&#x6587;&#x4EF6;&#x3002;
&#x4F7F;&#x7528;&#x96C6;&#x6210;&#x73AF;&#x5883;&#x7684;&#x63A7;&#x5236;&#x9762;&#x677F;&#x6216;&#x547D;&#x4EE4;&#x884C; <code>&#x91CD;&#x542F;Nginx</code>&#xFF0C;&#x914D;&#x7F6E;&#x5B8C;&#x6210;</p>
<h3 id="&#x4E09;&#x3001;&#x91CD;&#x542F;&#x548C;&#x6D4B;&#x8BD5;">&#x4E09;&#x3001;&#x91CD;&#x542F;&#x548C;&#x6D4B;&#x8BD5;</h3>
<p>&#x91CD;&#x65B0;&#x542F;&#x52A8;&#x60A8;&#x7684;Nginx&#xFF0C;&#x6E05;&#x9664;&#x6D4F;&#x89C8;&#x5668;&#x7F13;&#x5B58;&#xFF0C;&#x8BBF;&#x95EE;2&#x6B21;&#x67E5;&#x770B;&#x6548;&#x679C;&#x3002;
&#x60A8;&#x4E5F;&#x53EF;&#x4EE5;&#x901A;&#x8FC7;chrome&#x6D4F;&#x89C8;&#x5668;&#x7684;&#x5F00;&#x53D1;&#x8005;&#x9009;&#x9879;&#x2192;&#x7F51;&#x7EDC;&#x9879;&#x67E5;&#x770B;&#x670D;&#x52A1;&#x5668;&#x8FD4;&#x56DE;&#x7684;&#x5934;&#x4FE1;&#x606F;&#xFF0C;&#x6765;&#x5224;&#x65AD;&#x662F;&#x5426;&#x5DF2;&#x7ECF;&#x5F00;&#x542F;HSTS</p>
<p><img src="https://developer.trustocean.com/usr/uploads/2020/07/3285312677.png" alt=""></p>
<p>&#x6839;&#x636E;&#x60A8;&#x5BF9;HSTS&#x7684;&#x914D;&#x7F6E;&#xFF0C;&#x6240;&#x67E5;&#x770B;&#x5230;&#x7684;Strict-Transport-Security&#x914D;&#x7F6E;&#x503C;&#x53EF;&#x80FD;&#x4E0D;&#x4E00;&#x6837;&#x3002;</p>
<p>&#x606D;&#x559C;&#x60A8;&#xFF01;&#x60A8;&#x7684;&#x7F51;&#x7AD9;&#x5DF2;&#x7ECF;&#x5F00;&#x542F;SSL&#x5F3A;&#x5236;&#x8DF3;&#x8F6C;https&#x529F;&#x80FD;&#xFF01; </p>
<footer class="page-footer"><span class="copyright">&#x9655;ICP&#x5907;16016201&#x53F7;,Copyright &#xA9; tysb7 2020 all right reserved&#xFF0C;powered by Gitbook</span><span class="footer-modification">&#x8BE5;&#x6587;&#x7AE0;&#x4FEE;&#x8BA2;&#x65F6;&#x95F4;&#xFF1A;
2020-10-15 11:38:08
</span></footer>
                                
                                </section>
                            
    </div>
    <div class="search-results">
        <div class="has-results">
            
            <h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
            <ul class="search-results-list"></ul>
            
        </div>
        <div class="no-results">
            
            <h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
            
        </div>
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                <a href="IIS7.html" class="navigation navigation-prev " aria-label="Previous page: IIS7">
                    <i class="fa fa-angle-left"></i>
                </a>
                
                
                <a href="Apache.html" class="navigation navigation-next " aria-label="Next page: Apache">
                    <i class="fa fa-angle-right"></i>
                </a>
                
            
        
    </div>

    <script>
        var gitbook = gitbook || [];
        gitbook.push(function() {
            gitbook.page.hasChanged({"page":{"title":"Nginx","level":"1.3.3","depth":2,"next":{"title":"Apache","level":"1.3.4","depth":2,"path":"install/Apache.md","ref":"install/Apache.md","articles":[]},"previous":{"title":"IIS7","level":"1.3.2","depth":2,"path":"install/IIS7.md","ref":"install/IIS7.md","articles":[]},"dir":"ltr"},"config":{"gitbook":"*","theme":"default","variables":{},"plugins":["hide-element","back-to-top-button","chapter-fold","splitter","-lunr","-search","search-pro","insert-logo","pageview-count","tbfed-pagefooter"],"pluginsConfig":{"tbfed-pagefooter":{"copyright":"陕ICP备16016201号,Copyright &copy tysb7 2020","modify_label":"该文章修订时间：","modify_format":"YYYY-MM-DD HH:mm:ss"},"chapter-fold":{},"splitter":{},"search-pro":{},"hide-element":{"elements":[".gitbook-link"]},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"back-to-top-button":{},"pageview-count":{},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"insert-logo":{"style":"background: none; max-height: 30px; min-height: 30px","url":"https://allinssl.com/storage/2020/06/02/1591058380-allinlogowhite_.svg"}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"}},"file":{"path":"install/Nginx.md","mtime":"2020-10-15T03:38:08.244Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2020-10-22T08:15:58.383Z"},"basePath":"..","book":{"language":""}});
        });
    </script>
</div>

        
    <script src="../gitbook/gitbook.js"></script>
    <script src="../gitbook/theme.js"></script>
    
        
        <script src="../gitbook/gitbook-plugin-hide-element/plugin.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-chapter-fold/chapter-fold.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-search-pro/jquery.mark.min.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-search-pro/search.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-insert-logo/plugin.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-pageview-count/plugin.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
        
    
        
        <script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
        
    

    </body>
</html>

